Malicious Office (OLE) / .EXE — malware analysis report

Static analysis result for SHA-256 d23c150cf284cde8…

MALICIOUS

Office (OLE) / .EXE

Size: 186.5 KB
Created: 1999-02-08 09:24:15
Authoring application: Microsoft Excel
MD5: 325ee64f662a4e8c8dc609ecf1b98a15
SHA-1: 47eaf2875fdb81fe08d812cff9713e190f0ec06a
SHA-256: d23c150cf284cde8e9e4413b0ecfc88dadbd8da8a324666f8b54c376be34ceb4
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The critical heuristic 'OLE_XLS5_LAROUX_MACRO_VIRUS' fired, indicating the presence of the Laroux macro virus, a known type of malware often found in older Excel files. Although VBA macros could not be extracted due to an unsupported format, the presence of this marker strongly suggests malicious intent. The file's metadata indicates it is an executable disguised as an Excel file, further supporting a malicious classification.

Heuristics 2

  • [critical] Excel 5 Laroux macro-virus marker cluster (OLE_XLS5_LAROUX_MACRO_VIRUS)
    Legacy Excel workbook contains the Laroux macro-virus marker cluster including the hidden laroux module, auto_open/check_files routines, and PERSONAL.XLS replication strings. This is a narrow indicator for an infected legacy Excel macro workbook.
  • [info] Unsupported Office format for VBA extraction (OFFICE_FORMAT_UNSUPPORTED)
    olevba could not extract VBA macros (PermissionError); format-agnostic byte-level scans still ran. Likely legacy, encrypted, or malformed OLE/OOXML — re-scanning the same bytes will yield the same outcome.